InterContinental Hotels Group Breach Checks In at 1,200 Locations

IHG franchises in its Americas region were hit with a point-of-sale malware breach, affecting 1,200 hotels ranging from its Crowne Plaza to Holiday Inn Express.

InterContinental Hotels Group franchisees were hit with malware on their point-of-sale systems (POS), which allowed cyberthieves to make off with credit cardholder names, card numbers, expiration dates and back-of-the-card security numbers at 1,200 IHG locations in the Americas.

The breach occurred from Sept. 29 to Dec. 29 at IHG franchises, ranging from the Crowne Plaza to its Holiday Inn Express, IHG announced late last week. And although it did not list the scope of the breach, Data Breach Today reported 1,200 locations were affected.

IHG became aware of the breach after its franchisees began getting notices from payment card networks that their customers were incurring unauthorized charges after having used their credit cards at IHG hotels. IHG's investigation found malware on POS systems was capturing credit card information used at the front desk of a number of its franchisees' hotels.

According to IHG, hotels that loaded its point-to-point encryption payment acceptance solution, Secure Payment Solution (SPS), prior to Sept. 29 were not affected by the malware and those that did so after that date found, once it was installed, the malware could not pilfer the information on the card.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy i...